def handler(event, context):
response = MaltegoTransform() # Maltego XML Response Object
if ("body" in event):
request = MaltegoMsg(
event["body"]) # Maltego XML Request Object (what we got in)
sampleTransform(request, response)
xmlResponse = response.returnOutput()
else:
xmlResponse = get_exception_message() # We didnt get a body? yikes!
return {
'body': '{}'.format(xmlResponse),
'headers': {
'Content-Type': 'text/xml'
},
'statusCode': 200
}
def trx_getstastuscode(data):
trx = MaltegoTransform()
website = data.Value
url = 'http://{0}'.format(website)
try:
r = requests.get(url)
trx.addEntity('maltego.Phrase', str(r.status_code))
except:
trx.addUIMessage(
'Whoops, that doesn\'t look like a valid website address')
return trx.returnOutput()
"""
Get create date from an app.
:param key:
:return:
"""
from datetime import datetime
from tacyt import TacytApp
from maltego.MaltegoTransform import *
from APIManagement import Tacyt
from maltego.Entities import TacytEntities as te
api = TacytApp.TacytApp(Tacyt.APP_ID, Tacyt.SECRET_KEY)
m = MaltegoTransform()
key = sys.argv[1]
try:
result = api.get_app_details(key)
data = result.get_data()
if 'result' in data and data['result'] is not None:
if len(data['result']['createDate']) > 0:
createDate = data['result']['createDate'].encode('utf-8')
datetime = datetime.strptime(createDate, '%Y-%m-%dT%H:%M:%SZ')
m.addEntity(te.FIELD, datetime.strftime('%Y-%m-%d %H:%M:%S'), te.FIELD_NAME, 'createDate')
"""
Get create date from an app.
:param key:
:return:
"""
from datetime import datetime
from tacyt import TacytApp
from maltego.MaltegoTransform import *
from APIManagement import Tacyt
from maltego.Entities import TacytEntities as te
api = TacytApp.TacytApp(Tacyt.APP_ID, Tacyt.SECRET_KEY)
m = MaltegoTransform()
key = sys.argv[1]
try:
result = api.get_app_details(key)
data = result.get_data()
if 'result' in data and data['result'] is not None:
details = data['result']
if 'recentChanges' in details:
m.addEntity(te.FIELD, str(details['recentChanges'].encode('utf-8')), te.FIELD_NAME, 'recentChanges')
if 'description' in details:
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Search apps by emails
:param field: emails to find
:return: keys from the apps founds.
"""
from tacyt import TacytApp
from maltego.MaltegoTransform import *
from APIManagement import Tacyt
from maltego.Entities import TacytEntities as te
api = TacytApp.TacytApp(Tacyt.APP_ID, Tacyt.SECRET_KEY)
m = MaltegoTransform()
field = sys.argv[1]
try:
query = 'anyLinks:"%s"'%field
result = api.search_apps(query=query,maxResults=100)
if result is not None:
data = result.get_data()
if 'result' in data and data['result'] is not None and 'applications' in data['result'] and data['result']['applications']:
for data in data['result']['applications']:
if 'key' in data and data['key'] is not None:
application = data['key']
m.addEntity(te.KEY, application.encode('utf-8'))
else:
m.addUIMessage("Key not found in results.")
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Get permission from app.
:param key: key from app
:return: keys from the apps founds.
"""
from tacyt import TacytApp
from maltego.MaltegoTransform import *
from APIManagement import Tacyt
from maltego.Entities import TacytEntities as te
api = TacytApp.TacytApp(Tacyt.APP_ID, Tacyt.SECRET_KEY)
m = MaltegoTransform()
app = sys.argv[1]
try:
result = api.get_app_details(app)
data = result.get_data()
if 'result' in data and data['result'] is not None:
details = data['result']
if 'developerName' in details:
if len(details['developerName']) > 0:
m.addEntity(te.ALIAS, str(details['developerName'].encode('utf-8')), te.FIELD_NAME, 'developerName')
if 'developerPrivacy' in details:
# -*- coding: utf-8 -*-
"""
Get create date from an app.
:param key:
:return:
"""
from datetime import datetime
from tacyt import TacytApp
from maltego.MaltegoTransform import *
from APIManagement import Tacyt
from maltego.Entities import TacytEntities as te
api = TacytApp.TacytApp(Tacyt.APP_ID, Tacyt.SECRET_KEY)
m = MaltegoTransform()
key = sys.argv[1]
try:
result = api.get_app_details(key)
data = result.get_data()
if 'result' in data and data['result'] is not None:
details = data['result']
if 'deadDate' in details:
deadDate = details['deadDate'].encode('utf-8')
datetime = datetime.strptime(deadDate, '%Y-%m-%dT%H:%M:%SZ')
m.addEntity(te.FIELD, datetime.strftime('%Y-%m-%d %H:%M:%S'),
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Get all details from app.
:param key:
:return:
"""
from tacyt import TacytApp
from maltego.MaltegoTransform import *
from APIManagement import Tacyt
from maltego.Entities import TacytEntities as te
api = TacytApp.TacytApp(Tacyt.APP_ID, Tacyt.SECRET_KEY)
m = MaltegoTransform()
key = sys.argv[1]
try:
result = api.get_app_details(key)
data = result.get_data()
if 'result' in data and data['result'] is not None:
details = data['result']
if 'packageName' in details:
m.addEntity(te.FIELD, details['packageName'].encode('utf-8'), te.FIELD_NAME, 'packageName')
if 'hashPath' in details:
m.addEntity(te.HASH, details['hashPath'].encode('utf-8'), te.FIELD_NAME, 'hashPath or SHA-1')
if 'md5' in details:
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Search certificate by key app.
For more information see User Manual.
:param key: key to search, for example: com.elevenpaths.android.latch11GooglePlay
:return:
"""
from tacyt import TacytApp
from maltego.MaltegoTransform import *
from APIManagement import Tacyt
from maltego.Entities import TacytEntities as te
api = TacytApp.TacytApp(Tacyt.APP_ID, Tacyt.SECRET_KEY)
m = MaltegoTransform()
key = sys.argv[1]
try:
result = api.get_app_details(key)
data = result.get_data()
if 'result' in data and data['result'] is not None:
details = data['result']
if 'certificateValidFrom' in details:
if len(details['certificateValidFrom']) > 0:
certificateValidFrom = details['certificateValidFrom']
m.addEntity('maltego.Phrase', certificateValidFrom, te.FIELD_NAME, 'certificateValidFrom')
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Get permission from app.
:param key: key from app
:return: keys from the apps founds.
"""
from tacyt import TacytApp
from maltego.MaltegoTransform import *
from APIManagement import Tacyt
from maltego.Entities import TacytEntities as te
api = TacytApp.TacytApp(Tacyt.APP_ID, Tacyt.SECRET_KEY)
m = MaltegoTransform()
app = sys.argv[1]
try:
result = api.get_app_details(app)
data = result.get_data()
if 'result' in data and data['result'] is not None:
details = data['result']
if 'nPermissions' in details:
if len(details['nPermissions']) > 0:
m.addEntity(te.FIELD, str(details['nPermissions']),
te.FIELD_NAME, 'nPermissions')
if 'permissionName' in details:
if len(details['permissionName']) > 0:
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Get permission from app.
:param key: key from app
:return: keys from the apps founds.
"""
from tacyt import TacytApp
from maltego.MaltegoTransform import *
from APIManagement import Tacyt
from maltego.Entities import TacytEntities as te
api = TacytApp.TacytApp(Tacyt.APP_ID, Tacyt.SECRET_KEY)
m = MaltegoTransform()
app = sys.argv[1]
try:
result = api.get_app_details(app)
data = result.get_data()
if 'result' in data and data['result'] is not None:
details = data['result']
if 'nPermissions' in details:
if len(details['nPermissions']) > 0:
m.addEntity(te.FIELD, str(details['nPermissions']), te.FIELD_NAME, 'nPermissions')
if 'permissionName' in details:
if len(details['permissionName']) > 0:
# -*- coding: utf-8 -*-
"""
Get create date from an app.
:param key:
:return:
"""
from datetime import datetime
from tacyt import TacytApp
from maltego.MaltegoTransform import *
from APIManagement import Tacyt
from maltego.Entities import TacytEntities as te
api = TacytApp.TacytApp(Tacyt.APP_ID, Tacyt.SECRET_KEY)
m = MaltegoTransform()
key = sys.argv[1]
try:
result = api.get_app_details(key)
data = result.get_data()
if 'result' in data and data['result'] is not None:
details = data['result']
if 'recentChanges' in details:
m.addEntity(te.FIELD,
str(details['recentChanges'].encode('utf-8')),
te.FIELD_NAME, 'recentChanges')
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Get permission from app.
:param key: key from app
:return: keys from the apps founds.
"""
from tacyt import TacytApp
from maltego.MaltegoTransform import *
from APIManagement import Tacyt
from maltego.Entities import TacytEntities as te
api = TacytApp.TacytApp(Tacyt.APP_ID, Tacyt.SECRET_KEY)
m = MaltegoTransform()
app = sys.argv[1]
try:
result = api.get_app_details(app)
data = result.get_data()
if 'result' in data and data['result'] is not None:
details = data['result']
if 'nPermissions' in details:
m.addEntity(te.FIELD, str(details['nPermissions']), te.FIELD_NAME, 'nPermissions')
if 'createDate' in details:
m.addEntity(te.FIELD, str(details['createDate']), te.FIELD_NAME, 'createDate')
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Get permission from app.
:param key: key from app
:return: keys from the apps founds.
"""
from tacyt import TacytApp
from maltego.MaltegoTransform import *
from APIManagement import Tacyt
from maltego.Entities import TacytEntities as te
api = TacytApp.TacytApp(Tacyt.APP_ID, Tacyt.SECRET_KEY)
m = MaltegoTransform()
app = sys.argv[1]
try:
result = api.get_app_details(app)
data = result.get_data()
if 'result' in data and data['result'] is not None:
details = data['result']
if 'emails' in details:
permissions = details['emails']
for i in permissions:
m.addEntity(te.EMAIL,i, te.FIELD_NAME, 'emails')
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Get all details from app.
:param key:
:return:
"""
from tacyt import TacytApp
from maltego.MaltegoTransform import *
from APIManagement import Tacyt
from maltego.Entities import TacytEntities as te
api = TacytApp.TacytApp(Tacyt.APP_ID, Tacyt.SECRET_KEY)
m = MaltegoTransform()
key = sys.argv[1]
try:
result = api.get_app_details(key)
data = result.get_data()
if 'result' in data and data['result'] is not None:
details = data['result']
if 'packageName' in details:
m.addEntity(te.FIELD, details['packageName'].encode('utf-8'),
te.FIELD_NAME, 'packageName')
if 'hashPath' in details:
m.addEntity(te.HASH, details['hashPath'].encode('utf-8'),
te.FIELD_NAME, 'hashPath or SHA-1')
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Search certificate by key app.
For more information see User Manual.
:param key: key to search, for example: com.elevenpaths.android.latch11GooglePlay
:return:
"""
from tacyt import TacytApp
from maltego.MaltegoTransform import *
from APIManagement import Tacyt
from maltego.Entities import TacytEntities as te
api = TacytApp.TacytApp(Tacyt.APP_ID, Tacyt.SECRET_KEY)
m = MaltegoTransform()
key = sys.argv[1]
try:
result = api.get_app_details(key)
data = result.get_data()
if 'result' in data and data['result'] is not None:
details = data['result']
if 'certificateValidFrom' in details:
if len(details['certificateValidFrom']) > 0:
certificateValidFrom = details['certificateValidFrom']
m.addEntity('maltego.Phrase', certificateValidFrom,
te.FIELD_NAME, 'certificateValidFrom')
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Search apps by emails
:param field: emails to find
:return: keys from the apps founds.
"""
from tacyt import TacytApp
from maltego.MaltegoTransform import *
from APIManagement import Tacyt
from maltego.Entities import TacytEntities as te
api = TacytApp.TacytApp(Tacyt.APP_ID, Tacyt.SECRET_KEY)
m = MaltegoTransform()
field = sys.argv[1]
try:
query = 'anyLinks:"%s"' % field
result = api.search_apps(query=query, maxResults=100)
if result is not None:
data = result.get_data()
if 'result' in data and data[
'result'] is not None and 'applications' in data[
'result'] and data['result']['applications']:
for data in data['result']['applications']:
if 'key' in data and data['key'] is not None:
application = data['key']
m.addEntity(te.KEY, application.encode('utf-8'))
else:
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Search apps by certificate fingerprints
:param field: fingerprint to find
:return: keys from the apps founds.
"""
from tacyt import TacytApp
from maltego.MaltegoTransform import *
from APIManagement import Tacyt
from maltego.Entities import TacytEntities as te
api = TacytApp.TacytApp(Tacyt.APP_ID, Tacyt.SECRET_KEY)
m = MaltegoTransform()
field = sys.argv[1]
try:
query = "certificateFingerprint:%s"%field
result = api.search_apps(query=query,maxResults=100)
data = result.get_data()
if 'result' in data and data['result'] is not None and 'applications' in data['result'] and data['result']['applications']:
for data in data['result']['applications']:
if 'key' in data and data['key'] is not None:
application = data['key']
m.addEntity(te.KEY, application.encode('utf-8'))
else:
m.addUIMessage("The key is not found in the results")
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Get permission from app.
:param key: key from app
:return: keys from the apps founds.
"""
from tacyt import TacytApp
from maltego.MaltegoTransform import *
from APIManagement import Tacyt
from maltego.Entities import TacytEntities as te
api = TacytApp.TacytApp(Tacyt.APP_ID, Tacyt.SECRET_KEY)
m = MaltegoTransform()
app = sys.argv[1]
try:
result = api.get_app_details(app)
data = result.get_data()
if 'result' in data and data['result'] is not None:
details = data['result']
if 'emails' in details:
permissions = details['emails']
for i in permissions:
m.addEntity(te.EMAIL, i, te.FIELD_NAME, 'emails')
else: